I recently discovered Manic Miners, a remake of 1999’s Lego Rock Raiders, and ever since I’ve been busy reliving my childhood in 1080p. Now if only someone could remake Lego Racers 1&2…
Beyond that, I found out that the Steam release of Dwarf Fortress totally passed me by last year, and so I’ve been getting back into that and I keep marveling at the lovely graphics and the mouse control. I’m happy that I can support the creators this way after years of playing the game every once in a while. Still waiting for stuff like Dwarf Therapist, but for the first time I’m playing DF without tons of add-ons and it’s actually pretty neat. I’m looking forward to all the FUN I’ll be having! :P
Reading the blog post, it’s a lot more nuanced than that: someone reported a CVE, which was related to a possible int overflow in client code handling the timeout between requests. NVD chose to grade this as a 9.8/10 on their severity scale (for context, CVE-2014-0160, also known as Heartbleed, got a 7.5/10), which is ludicrous for a bug which could at most change the retry timeout of your request from your intended years to a few seconds. Daniel says that this is not a security vulnerability at all and has no business being listed on the CVE database, whereas NVD argues that it’s a bug, it’s been reported to them and because overflows are undefined behavior, anything can happen and so it’s a security vulnerability.
In the end, they agreed to at least adjust the severity down to a 3.3, but I can understand that Daniel is still somewhat miffed about it. Personally I also agree that it’s not really a security issue and that even a 3.3 is too high in terms of severity.